Closed riderx closed 1 year ago
/bounty $100
💎 $100 bounty created by riderx
🙋 If you start working on this, comment /attempt #269 to notify everyone
👉 To claim this bounty, submit a pull request that includes the text /claim #269 somewhere in its body
📝 Before proceeding, please make sure you can receive payouts in your country
💵 Payment arrives in your account 2-5 days after the bounty is rewarded
💯 You keep 100% of the bounty award
🙏 Thank you for contributing to Cap-go/capgo!
Attempt | Started (GMT+0) | Solution |
---|---|---|
🟢 @neo773 | Aug 16, 2023, 3:09:02 AM | #272 |
🟢 @ayusham001 | Aug 16, 2023, 9:31:02 AM | WIP |
/attempt #269
/attempt #269
Note: The user @neo773 is already attempting to complete issue #269 and claim the bounty. If you attempt to complete the same issue, there is a chance that @neo773 will complete the issue first, and be awarded the bounty. We recommend discussing with @neo773 and potentially collaborating on the same solution versus creating an alternate solution.
💡 @neo773 submitted a pull request that claims the bounty. You can visit your org dashboard to reward.
To update the table users, you need to manage to allow it with RLS without breaking security (like anyone can update users then).
Your current implementation is just a client-side check with disabling the email input check; if I do a POST request I can still update the email to any email I want. But an attacker can't really do much about it, since login still goes through Supabase's auth email, not the user's table.
Agree, the security allows it now. I would like to improve that; I can do a separate task. Right now there is one other problem: in production a confirmation email is sent and when clicked the email is updated, so it's at this moment the update should happen for the public user. It's also necessary to check if the confirmation works for email change.
@riderx Just pushed the changes; it will only update the email on confirmation now. And about the bounty, can you split it into 2 and give 30% to @WcaleNieWolny?
https://github.com/Cap-go/capgo/assets/62795688/31e21ba7-6a83-41e0-8e10-aa8486c4055a
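One way to get both properties discussed above (no client-writable email column, and a sync that only happens once the address is confirmed), as an added example that is not Cap-go's code. It assumes `public.users` has an `id` column matching `auth.users.id` and that `auth.users.email` changes only when the confirmation link is clicked, as described in the thread; the policy, function and trigger names and the `first_name`/`last_name` columns are hypothetical.

```sql
-- Added example, not the project's migration. Assumed schema:
--   public.users(id uuid primary key references auth.users(id), email text, ...)

-- 1. Row level: a signed-in user may update only their own row.
alter table public.users enable row level security;

create policy "users update own row"        -- hypothetical policy name
  on public.users for update
  to authenticated
  using (auth.uid() = id)
  with check (auth.uid() = id);

-- 2. Column level: RLS filters rows, not columns, so a direct POST/PATCH
--    could still set email. Remove table-wide UPDATE and grant it back
--    only on the columns clients are allowed to edit.
revoke update on public.users from anon, authenticated;
grant update (first_name, last_name)        -- hypothetical editable columns
  on public.users to authenticated;

-- 3. Server-side sync: copy the address into public.users when the auth
--    row changes (assumed to happen only after confirmation).
create or replace function public.sync_user_email()   -- hypothetical name
returns trigger
language plpgsql
security definer            -- runs as the function owner, not the caller
set search_path = ''        -- every object below is schema-qualified
as $$
begin
  update public.users
     set email = new.email
   where id = new.id;
  return new;
end;
$$;

create trigger on_auth_user_email_change    -- hypothetical name
  after update of email on auth.users
  for each row
  when (old.email is distinct from new.email)
  execute function public.sync_user_email();
```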
🎉🎈 @neo773 has been awarded $100! 🎈🎊
Hey @neo773, thanks for the update! I'm not sure I understand how @WcaleNieWolny was involved. The bounty was self-closed so I couldn't do the split, but I can tip him.
@riderx He helped me with the Supabase setup, I couldn't get it to work (there seems to be a bug with Supabase itself, so it was really tricky).
Oh okay thanks a lot <3 /tip 30 @WcaleNieWolny
🎉🎈 @WcaleNieWolny has been awarded $30! 🎈🎊
Thanks for the screenshot, that helped me to understand how shitty the dev env is ^^
With the last commit I made yesterday it should be easier to work on bounties. I will create a Discord channel to help each other.
Make a feature to change email.
It should update the auth user account, and table users column email in public schema. The email should be checked if it exists with our custom Postgres method exist_user